Getting started

This section describes how security.manager NEXT can be activated for the service "SampleWorldCities" and how to restrict access to an individual layer. The service "SampleWorldCities" is part of each standard installation of ArcGIS Enterprise.

Preconditions

  • The service "SampleWorldCities" is available in the root folder of your ArcGIS Server. Make sure the service is started.

  • Disable public access via the sharing properties in ArcGIS Server Manager. To verify, open the Sharing Properties and make sure that Everyone (public) is not selected and that the ArcGIS organization (the option below it) is selected.

Protect the service

  1. Open the Manager UI in a browser at https://<tomcat-host>/secman-next and log in with an administrative ArcGIS Enterprise portal account.

  2. To activate security.manager NEXT for "SampleWorldCities", select the Service Manager tab and choose the Federated Server that hosts the "SampleWorldCities" service.

  3. Select Root Folder and click the security.manager NEXT disabled icon in front of SampleWorldCities in order to activate security.manager NEXT. This will restart the service, and the icon changes to security.manager NEXT enabled.

  4. To create a policy, click on the Edit permissions icon.

    As a policy you can use the following example:

    {
        "policies": [
            {
                "layers": ["0"],
                "roles": ["enhancedSecurity_authenticated"]
            }
        ]
    }

    Alternatively, you can edit the policy in a text editor and upload it as a file, or simply drag and drop it onto the dialog. The section "Policy Format" describes the format and the available policy features.

  5. Click Save changes and restart.

Review permissions

A policy is a combination of layers, roles, and optional restrictions. Therefore, multiple permissions result from a single policy. These can be reviewed as follows.

A service must be started in order to view its policies.

Authorized layers

  1. Select the Policies tab, select your ArcGIS Server, and click on Root Folder > SampleWorldCities.

  2. Select the Resources View.

  3. Navigate to the service of interest.
    The list of displayed services can be filtered by selecting a folder and/or using the filtering options at the top of the Folders and Services column.

  4. Check that for layer Cities - 0, one permission is indicated in the icon.

  5. Click on Cities - 0 to review the actual permission.

Authorized groups

  1. Switch to the Groups View and select Authenticated Users > Root Folder > SampleWorldCities.

  2. Review the actual permission and verify that only the layer Cities - 0 is permitted.

Access the service

Administrative users always have full access.

  1. Open ArcGIS Server Manager.

  2. Navigate to SampleWorldCities > Capabilities > Mapping.

  3. Open the REST URL in the lower part of the Capabilities page in an incognito browser window.

  4. Log in as a non-administrative user and verify that under Layers only Cities (0) is listed.

  5. Click on ArcGIS Online Map Viewer and verify that only the Cities layer is loaded into the map.
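
The check in step 4 can also be scripted against the JSON form of the service page (the REST URL with `?f=json`). The following Python is an added example, not part of security.manager NEXT: it compares the layers a response lists with the layers the policy above grants to a role. The two sample responses are constructed, and the rule that a layer is granted when one policy names both the layer and the role is an assumption (restrictions are not modelled).

```python
import json

# Policy from the "Protect the service" step on this page.
POLICY = json.loads("""
{"policies": [{"layers": ["0"], "roles": ["enhancedSecurity_authenticated"]}]}
""")

# Constructed samples: trimmed MapServer "?f=json" responses as a
# non-administrative user might receive them without and with the policy.
RESPONSE_UNPROTECTED = json.loads("""
{"layers": [{"id": 0, "name": "Cities"},
            {"id": 1, "name": "Continent"},
            {"id": 2, "name": "World"}]}
""")
RESPONSE_PROTECTED = json.loads('{"layers": [{"id": 0, "name": "Cities"}]}')


def permitted_layers(policy, roles):
    """Return the layer ids granted to any of `roles`.

    Assumption: a layer is granted when at least one policy lists both the
    layer and one of the user's roles.
    """
    granted = set()
    for entry in policy.get("policies", []):
        if set(entry.get("roles", [])) & set(roles):
            # Policy ids are strings ("0"), REST ids are integers (0).
            granted.update(str(layer) for layer in entry.get("layers", []))
    return granted


def audit(policy, roles, service_json):
    """Compare the layers a service response lists with the policy grants."""
    granted = permitted_layers(policy, roles)
    listed = {str(l["id"]): l["name"] for l in service_json.get("layers", [])}
    return {
        # Listed in the response although the policy does not grant them.
        "unexpected": sorted(f"{n} ({i})" for i, n in listed.items() if i not in granted),
        # Granted by the policy but absent from the response.
        "missing": sorted(i for i in granted if i not in listed),
    }


if __name__ == "__main__":
    roles = ["enhancedSecurity_authenticated"]
    for label, resp in (("unprotected", RESPONSE_UNPROTECTED),
                        ("protected", RESPONSE_PROTECTED)):
        print(label, audit(POLICY, roles, resp))
```

An empty `unexpected` list corresponds to the expected result of step 4; any entry in it is a layer the non-administrative user can still see.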